ISC SSCP System Security Certified Practitioner (SSCP) SSCP Dumps in PDF

Free ISC SSCP Real Questions (page: 17)

Which of the following choices describe a Challenge-response tokens generation?

  1. A workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN.
  2. A workstation or system that generates a random login id that the user enters when prompted along with the proper PIN.
  3. A special hardware device that is used to generate ramdom text in a cryptography system.
  4. The authentication mechanism in the workstation or system does not determine if the owner should be authenticated.

Answer(s): A

Explanation:

Challenge-response tokens are:
- A workstation or system generates a random challenge string and the owner enters the string into the token along with the proper PIN.
- The token generates a response that is then entered into the workstation or system.
- The authentication mechanism in the workstation or system then determines if the owner should be authenticated.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 136-137).



What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics?

  1. Biometrics
  2. Micrometrics
  3. Macrometrics
  4. MicroBiometrics

Answer(s): A

Explanation:

Biometrics; Biometrics are defined as an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Pages 37,38.



In biometrics, "one-to-many" search against database of stored biometric images is done in:

  1. Authentication
  2. Identification
  3. Identities
  4. Identity-based access control

Answer(s): B

Explanation:

In biometrics, identification is a "one-to-many" search of an individual's characteristics from a database of stored images.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38.



In biometrics, the "one-to-one" search used to verify claim to an identity made by a person is considered:

  1. Authentication
  2. Identification
  3. Auditing
  4. Authorization

Answer(s): A

Explanation:

Biometric devices can be use for either IDENTIFICATION or AUTHENTICATION ONE TO ONE is for AUTHENTICATION
This means that you as a user would provide some biometric credential such as your fingerprint. Then they will compare the template that you have provided with the one stored in the Database. If the two are exactly the same that prove that you are who you pretend to be.
ONE TO MANY is for IDENTIFICATION
A good example of this would be within airport. Many airports today have facial recognition cameras, as you walk through the airport it will take a picture of your face and then compare the template (your face) with a database full of templates and see if there is a match between your template and the ones stored in the Database. This is for IDENTIFICATION of a person.
Some additional clarification or comments that might be helpful are: Biometrics establish authentication using specific information and comparing results to expected data. It does not perform well for identification purposes such as scanning for a person's face in a moving crowd for example.
Identification methods could include: username, user ID, account number, PIN, certificate, token, smart card, biometric device or badge.
Auditing is a process of logging or tracking what was done after the identity and authentication process is completed.
Authorization is the rights the subject is given and is performed after the identity is established.
Reference OIG (2007) p148, 167
Authentication in biometrics is a "one-to-one" search to verify claim to an identity made by a person.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38.



What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system?

  1. False Rejection Rate (FRR) or Type I Error
  2. False Acceptance Rate (FAR) or Type II Error
  3. Crossover Error Rate (CER)
  4. True Rejection Rate (TRR) or Type III Error

Answer(s): A

Explanation:

The percentage of valid subjects that are falsely rejected is called the False Rejection Rate (FRR) or Type I Error.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38.



Share your comments for ISC SSCP exam with other users:

R
ryo
9/10/2023 2:27:00 PM

very helpful

J
Jamshed
6/20/2023 4:32:00 AM

i need this exam

R
Roberto Capra
6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?

S
Synt
5/23/2023 9:33:00 PM

need to view

V
Vey
5/27/2023 12:06:00 AM

highly appreciate for your sharing.

T
Tshepang
8/18/2023 4:41:00 AM

kindly share this dump. thank you

J
Jay
9/26/2023 8:00:00 AM

link plz for download

L
Leo
10/30/2023 1:11:00 PM

data quality oecd

B
Blessious Phiri
8/13/2023 9:35:00 AM

rman is one good recovery technology

D
DiligentSam
9/30/2023 10:26:00 AM

need it thx

V
Vani
8/10/2023 8:11:00 PM

good questions

F
Fares
9/11/2023 5:00:00 AM

good one nice revision

L
Lingaraj
10/26/2023 1:27:00 AM

i love this thank you i need

M
Muhammad Rawish Siddiqui
12/5/2023 12:38:00 PM

question # 142: data governance is not one of the deliverables in the document and content management context diagram.

A
al
6/7/2023 10:25:00 AM

most answers not correct here

B
Bano
1/19/2024 2:29:00 AM

what % of questions do we get in the real exam?

O
Oliviajames
10/25/2023 5:31:00 AM

i just want to tell you. i took my microsoft az-104 exam and passed it. your program was awesome. i especially liked your detailed questions and answers and practice tests that made me well-prepared for the exam. thanks to this website!!!

D
Divya
8/27/2023 12:31:00 PM

all the best

K
KY
1/1/2024 11:01:00 PM

very usefull document

A
Arun
9/20/2023 4:52:00 PM

nice and helpful questions

J
Joseph J
7/11/2023 2:53:00 PM

i found the questions helpful

M
Meg
10/12/2023 8:02:00 AM

q 105 . ans is d

N
Navaneeth S
7/14/2023 7:57:00 AM

i have interest to get a sybase iq dba certification

A
Aish
10/11/2023 5:27:00 AM

want to pass exm.

A
Anonymous
6/12/2023 7:23:00 AM

are the answers correct?

K
Kris
7/7/2023 9:43:00 AM

good morning, could you please upload this exam again, i need it to test my knowledge in sd-wan with version 7.0.

M
Meghraj mali
10/7/2023 1:47:00 PM

very nice question

N
Noel
11/1/2022 9:14:00 PM

i have learning disability and this exam dumps allowed me to focus on the actual questions and not worry about notes and the those other study materials.

J
Jas
10/25/2023 6:01:00 PM

165 should be apt

N
Neetu
6/22/2023 8:41:00 AM

please upload the dumps, real need of them

M
Mark
10/24/2023 1:34:00 AM

any recent feeedback?

G
Gopinadh
8/9/2023 4:05:00 AM

question number 2 is indicating you are giving proper questions. observe and change properly.

S
Santhi
1/1/2024 8:23:00 AM

passed today.40% questions were new.litwere case study,lots of new questions on afd,ratelimit,tm,lb,app gatway.got 2 set series of questions which are not present here.questions on azure cyclecloud, no.of vnet/vms required for implimentation,blueprints assignment/management group etc

R
Raviraj Magadum
1/12/2024 11:39:00 AM

practice test

AI Tutor 👋 I’m here to help!